Hackers steal data from MtGox server and release it with Mark's reddit account.

[Moebius327]

Since the data seems to have been stolen around the time MtGox shutdown or later the question would be ... why would you keep this information on a webserver if you aren't actively using it anymore?  

My guess is the db was stolen from a business associate/employee.

left from the leaker:

Code:

<!-- I hated working with you.   You deserve everything you get for what you did. -->

[WindMaster]

Top 10 (apparent) account balances in the leaked database dump:

711a4e9d-e183-...    44547.7 BTC
34fcda44-5832-...    43768.2 BTC
c0b24126-f199-...    19985.0 BTC
92d047e9-9f2b-...    11500.6 BTC
ff84fc35-b22a-...    11007.8 BTC
0afba433-817e-...     9819.2 BTC
19b38844-b58b-...     8752.6 BTC
945e5a15-4100-...     8000.0 BTC
4339257e-4b12-...     6051.3 BTC
0766852e-9187-...     5199.9 BTC

Ouch, I don't feel too bad now about losing single-digit quantities of BTC.  I'd assume that at least some of these accounts are Mark however (depending whether or not one believes he took the BTC himself).

[Patel]

Is there any proof in these documents if these coins were stolen by Gox, or stolen by hackers?

[Hawkix]

I found some 100k BTC *deposits* into MtGox in 2012-05 .. nice.

[Moebius327]

Is there any proof in these documents if these coins were stolen by Gox, or stolen by hackers?

Some accounts have negative balances. Not that this proves anything.

[Loozik]

the hackers removed december, january and february, but the user endbalances are right.

December, january and february are the most crucial ones (to know who withdrew massive amounts of coins prior to Gox's collapse due to potential insider knowledge). Why would hackers remove these months I wonder 

[Patel]

My theory is that Mark Karpeles himself leaked this documents and is pretending his website and reddit got hacked, to strengthen his argument that the coins got hacked.

There isn't really any way to prove if he did or not.

[Timo Y]

I can confirm that this leak is legit!

I checked the leak against some of my known trades and they match. I never disclosed this information to anyone.

[jbrnt]

Are there any email and passwords in the leaked data? Cos I had an account there and am worried about the leak.

[rocks]

Is there any proof in these documents if these coins were stolen by Gox, or stolen by hackers?

Some accounts have negative balances. Not that this proves anything.

Maybe those are the accounts that used transaction malleability to withdraw the same funds several times over? 

No that would assume Mark had some level of competency required to get his customer service and accounts in order.

[Moebius327]

the hackers removed december, january and february, but the user endbalances are right.

December, january and february are the most crucial ones (to know who withdrew massive amounts of coins prior to Gox's collapse due to potential insider knowledge). Why would hackers remove these months I wonder 

because there are no hackers and mark made the leak himself?

[The Bitcoin Foundation]

Wheres our 11,000BTC Mark!-

[mrdavis]

Are there any email and passwords in the leaked data? Cos I had an account there and am worried about the leak.

You should assume nefarious people have all your personal data you gave Gox, even if not included here.

the hackers removed december, january and february, but the user endbalances are right.

December, january and february are the most crucial ones (to know who withdrew massive amounts of coins prior to Gox's collapse due to potential insider knowledge). Why would hackers remove these months I wonder  

This and the data nanashi____ leaked were both old, I think I even remember it being pointed out that the source code leaked was probably old.  Seems that another possible explanation (which still implies Karpeles' incompetence) is this hack happened earlier or the hack involved an old server image.

[mrdavis]

Since the data seems to have been stolen around the time MtGox shutdown or later the question would be ... why would you keep this information on a webserver if you aren't actively using it anymore?  

Is there data that suggest this? I'm not yet on a machine with an environment I can open it, so I'm only going off the reports of the last few months missing from the CSV. or is that just based on when the rumors of this started. Until I see data that proves the hack happened after the shutdown I'm going to assume they don't have it because it happened before or only involved a backup.

I mean, at this point it wouldn't surprise me in the least if Mark still had it facing the web, but I'm not about to trust the word of the hackers without evidence.


EDIT: Ah, user end balances are supposedly correct, that would be evidence supporting the word of the hackers.

[WindMaster]

EDIT: Ah, user end balances are supposedly correct, that would be evidence supporting the word of the hackers.

My last trade was on 2014-01-23, and the balance in the leaked data is correct for what my BTC balance was at that point.  So, apparently it happened on or after that date.  If enough people post after checking their accounts in the leaked data, we can determine the earliest date the leak could have occurred by consensus.  At least for the final user balance dump.

[Loozik]

the hackers removed december, january and february, but the user endbalances are right.

December, january and february are the most crucial ones (to know who withdrew massive amounts of coins prior to Gox's collapse due to potential insider knowledge). Why would hackers remove these months I wonder  

because there are no hackers and mark made the leak himself?

Maybe. I have three four explanations (including yours):

1. There are no hackers and Mark made the leak himself (and did not reveal december, january and february in order to protect the ''thieves'')

2. Hackers are connected to the ''thieves'' (and did not reveal december, january and february in order to protect the ''thieves'')

3. Hackers are neither connected to Mark nor ''thieves'' (and did not reveal december, january and february in order to run their own investigation on who withdrew easily large amount of coins and fiat - when all other people had problems with withdrawals - in december, january, february thus causing Gox to collapse).

4. Hackers need time to alter december, january, february data for reasons we can't yet understand.


Dear hackers, if option 3 is the correct one, please give us unaltered december, january and february data, so that we could investigate too  

[WindMaster]

1. There are no hackers and Mark made the leak himself (and did not reveal december, january and february in order to protect the ''thieves'')

On a closely related note to option #1, note that the original post and data dump is still posted on Mark's personal blog, several hours later.  I do find that somewhat suspicious.  It shouldn't have taken particularly long for Mark to notice, and to take corrective action to remove the post and data (assuming he is able).

http://blog.magicaltux.net/

[BrewCrewFan]

1. There are no hackers and Mark made the leak himself (and did not reveal december, january and february in order to protect the ''thieves'')

On a closely related note to option #1, note that the original post and data dump is still posted on Mark's personal blog, several hours later.  I do find that somewhat suspicious.  It shouldn't have taken particularly long for Mark to notice, and to take corrective action to remove the post and data (assuming he is able).

http://blog.magicaltux.net/

Coulda been sleeping... its like the middle of the night over there.

[Alonzo Ewing]

I haven't downloaded anything due to fear of malware, but would I be able to get my trade data off this?  I need it to do my taxes.

[V4Vendettas]

Great a life time of goxxing inbound. What a massive clusterfuck.

So identity theft aside its kind of funny you have more chance getting you account information from hackers than Gox themselves.

I honestly think Mark has effected my life in a bad way more than any other human being.